CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2843

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile22.14th
PublishedMay 24, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.

Affected Platforms (CPE)

πŸ“¦
Apple

Safari

= 2.0.4

References & Advisories

πŸ”— http://osvdb.org/38859
πŸ”— http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
πŸ”— http://www.securityfocus.com/bid/24121
πŸ”— http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/
πŸ”— http://osvdb.org/38859
πŸ”— http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
πŸ”— http://www.securityfocus.com/bid/24121
πŸ”— http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/

Related Vulnerabilities

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2009-013710.0

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote at...